from the more-access-than-oversight:-always-a-bad-idea dept

Just recently we covered the story of the rampant abuse of Minnesota driver's license data and the resulting lawsuits, including one featuring 18 plaintiffs. One of the plaintiffs, Steve Drazkowski, is a state representative that had his information illegally accessed over 600 times by various state employees, something he believes was politically motivated.

Jessica Miles, a KSTP-TV midday anchor and reporter, became the news herself on Monday.

Miles filed a federal lawsuit claiming that her private driver’s license information was illegally searched about 1,380 times, believed to be the highest number so far in the mushrooming scandal.

Yes, 1,380 times by personnel from 180 different agencies, according to her lawyer. This sort of impropriety adds up quickly for the state, which provides for a fine of $2,500 per incident, bringing the possible total to $3.5 million. The total could go even higher as Miles' lawyer is seeking additional damages.

This information first came to Miles' attention via a letter from the Dept. of Public Safety, which stated her information had been inappropriately accessed. She contacted the director of Driver and Vehicle Services, who downplayed the access and (very possibly) lied about the number of times this access had occurred.

McCormack told Miles that only one employee had inappropriately obtained her information and “the department has taken the appropriate and allowable disciplinary actions necessary to address this matter with the employee.” She told her the “motive” was “basic curiosity” and inappropriate accesses was not a widespread ­concern, the suit says.

As the director of Driver and Vehicle Services, it's barely conceivable that McCormack didn't know of any other incidents involving Miles' data. Barely. It may even be possible that she had no idea that this illegal database access was, in fact, very widespread. But this seems highly unlikely, given the result of two recent state audits.

In the last two years, audits have revealed that about 160 individuals, mostly in government agencies, have improperly used Minnesota's Driver and Vehicle Services (DVS) database. Protected under state and federal law, it contains photographs, addresses, driving records, physical descriptions and other details about most Minnesotans.

Hunt, a former employee of the Dept. of Natural Resources, is accused of looking up 18,844 records over a five-year period, 94% of them belonging to women. In true bureaucratic fashion, Hunt's unnoticed abuse resulted in him obtaining the perfect position to forge ahead with his full-scale assault on the DVS database.

Ironically, the Department of Natural Resources had designated Hunt as among those in charge of open records requests and data training. His responsibilities included ensuring that new DNR officers completed training in DVS data use.

Among the many, many women whose info Hunt sifted through was none other than Jessica Miles herself. This earlier article doesn't name names, but the following seems like too much of a coincidence to be anyone else.

Miles' problems went deeper than simple cyberstalking by various state employees. The misuse of the database also led to a case of identity theft.

A month [after contacting McCormack], TCF Bank notified Miles that someone went into a Mankato-area TCF Bank, and using her name, switched the account and the bank issued a new card. Miles contacted McCormack, who told her that the incident had been addressed. The suit alleges that the TCF incident occurred because Miles’ driver’s license information had been obtained.

“McCormack fraudulently concealed from Jessica the massive extent” of the intrusion into her private data, the suit claims.

However the "incident" was addressed was obviously too little, too late. The staggering amount of abuse uncovered is going to cost the state (read: taxpayers) millions of dollars and the entire system is in dire need of a significant overhaul and some deterrents with actual bite to them.

When other agencies (we all know who I'm talking about here) with access to even more personal data claim it's in good hands and constantly steer the conversation in the direction of its "authority" rather than its "ability," this debacle in Minnesota should make it perfectly clear that authority rarely, if ever, trumps ability. Every system can be abused and the more people who have access only increases the chances that it will be.

Re: And, by omission: Google, Facebook, and other corporate employees are above suspicion?

I believe you are exactly the TOOL that the NSA needs. Spread FUD over trivial things. Let me help you:

Mastercard and Visa know every single purchase you made, and also every return. They Sell that private information secretly, and then sell your payment history to Equifax (and others) who store it for 3-7 years...effectively making a black book of who is "responsible". You do not know what it says about you...but if you had a financial based company, you could pay $25, as long as you promise never to reveal the secrets you learn to the consumer. And that is LEGAL!

And then - this is the kicker - private companies can request a list of people with this buying habit living near you.

Further, although I am personally allergic to the type of data collection Google (et al) engages in and actively avoid it, the fact is that people who don't mind being spied on should be allowed to take Google up on their offer, and Google should be allowed to offer such an arrangement. The key is informed consent.

This isn't a case of private corporations abusing data. This is government employees abusing government databases, and it's only going to get worse when that Obamacare monstrosity gets fully implemented.

You think it's bad now when some shifty government worker gets hold of your DMV data? At least all he has there is your name and address. What happens when the database includes every personal, private medical issue you've ever had, your sexual orientation, your genetic information... It's gonna be brave new world out there.

They keep making laws to make sure we live up to our personal responsibilities, maybe it is time to make them personally responsible for misconduct on their watch.

This isn't you missed someone stealing a box of paperclips, this is rampant abuse and the citizens shouldn't have to bear the full burden for your failures. The individuals who did it, ignored it, lied about it, covered it up should all be found personally responsible and if the law bars that it is time to remove that portion of the law.

i bet with the right mix of simple meta-data they can make a *really* good guess:

*when* and *where* you accessed an ATM, or made a withdrawal...

*where* your GPS from the phone and/or vehicle shows you went...

*what* businesses are in that area and *who* lives in that area...

*what* an examination of your web of friends, contacts, etc would show...

...and that you withdrew X dollars, went to *this* area you go to about once a month, and find that *that* acquaintance deposited X dollars after your trip: BUSTED ! ! !

seriously, i'm not sure how much using cash protects you from the prying eye of Sauron; if he turns his fiery gaze on you, you are screwed...

i don't care if you are pope francis, mother teresa, mr rogers, and jesus christ combined, if Sauron turns his deadly gaze on you, you are toast... they will either find *something*/*anything* to media blast you with, OR, they will simply make it up: you/we are personally HELPLESS against the might of Empire...

Although I'm not a fan of over-large databases, especially of stuff like that, we manage to have large patient databases in Europe without this sort of institutionalised abuse by having robust and strongly enforced laws.